blechschmidt / massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
GNU General Public License v3.0

wildcard subdomains #73

Closed JackandBlackLLL closed 4 years ago

JackandBlackLLL commented 4 years ago

I get a list of subdomains with other scripts. After that I get DNS records, and based on these I get valid subdomains. But often I get a lot of false results, in particular because the subdomain has a wildcard configured on the domain. How do I enable the function of checking for wildcard subdomains so that I get cleaner results that exclude the wildcard subdomains? I see massdns has this function: "Add wildcard detection for reconnaissance"

blechschmidt commented 4 years ago

Since wildcard detection is listed as a todo, this feature is not yet implemented. In case you perform reconnaissance scans, it is worth having a look at shuffledns, which is a wrapper around massdns improving usability and supporting wildcard detection.

storenth commented 3 years ago

But using shuffledns we need one more step to get the final IP, because it doesn't provide IP output, so:

  1. Sieve for wildcard-enabled DNS using shuffledns.
  2. Get IPs from the filtered subdomains.
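
The two steps discussed in this thread (drop names that only resolve because of a wildcard, then keep the IPs of what remains), as an added Python example that is not part of the thread and is not massdns or shuffledns code. It assumes one `name. TYPE value` record per line and a second set of answers for random labels under each parent; every name and address is a constructed sample.

```python
from collections import defaultdict

# Constructed sample of resolved names, one "name. TYPE value" record per line.
RESOLVED = """\
www.example.test. A 192.0.2.10
mail.example.test. A 192.0.2.20
foo.dev.example.test. A 198.51.100.7
bar.dev.example.test. A 198.51.100.7
api.dev.example.test. A 192.0.2.30
"""

# Constructed answers for random labels that should not exist. Only the
# dev.example.test zone answered, so it has a wildcard; example.test does not.
PROBES = """\
x7q2kz9p.dev.example.test. A 198.51.100.7
k3m8vw1r.dev.example.test. A 198.51.100.7
"""


def parse_a_records(text):
    """Map each lower-cased name (no trailing dot) to its set of A addresses."""
    records = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "A":
            records[parts[0].rstrip(".").lower()].add(parts[2])
    return records


def ancestors(name):
    """foo.dev.example.test -> [dev.example.test, example.test, test]"""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]


def filter_wildcards(resolved_text, probe_text):
    """Step 1: drop names explained by a wildcard. Step 2: return name -> IPs."""
    wild = defaultdict(set)
    for name, addrs in parse_a_records(probe_text).items():
        wild[ancestors(name)[0]] |= addrs  # probe parent -> wildcard addresses
    kept = {}
    for name, addrs in parse_a_records(resolved_text).items():
        # A wildcard at any ancestor can synthesize the answer. A real host that
        # shares the wildcard's address is dropped too (known false negative).
        if any(addrs <= wild[p] for p in ancestors(name) if p in wild):
            continue
        kept[name] = sorted(addrs)
    return kept


if __name__ == "__main__":
    for name, ips in filter_wildcards(RESOLVED, PROBES).items():
        print(name, ",".join(ips))
```
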